Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Tree: 1044fd59ba
Fetching contributors…

Cannot retrieve contributors at this time

117 lines (79 sloc) 4.248 kB
$Id: TODO,v 1.7 1999/10/11 21:22:23 he Exp $
Important:
The server and client initially need to run with root privileges.
Thus, those parts need careful review by experienced unix
programmers who should watch out for potential security hazards.
In particular buffer overflows triggered by cmd line options or
environment (eftp) or received protocol data units (eftd)
The server authentication procedure is a port from wu-ftpd.
Check 0-Termination of received string parameters.
Not showstoppers, but should be done before a possible stable release:
- more casefix testing with new mangeling method
- selectively and automatically (for file systems not supporting
symlinks) disallow symlink-based transfer name database
lookup
- certain disconnect scenarios result in error/warning
messages which are harmless, but might confuse novice users.
(in particular, release amd wait for release seems to be buggy)
- scan all source files for FIXME/XXX/#if 0 labels and
try cleaning this up.
- improve autoconf readline support (support non-default
locations of libreadline and lib[n]curses).
- autoconf is somewhat ugly as several configuration variables
are passed to the source files by different channels
(config.h, -D option) and name schemes are inconsistent.
- improved event logging (with error indications and
distinction of successful/failed requests).
- improved parameter logging within events (handle unset
parameters nicer).
Currently, when requesting establishment of association and access
regime, the parameters in the corresponding positive response are
not evaluated properly. This might leed to inconsistencies between
the peer's and our own idea of those protocol parameter settings.
To do: Review and improve those regime establishment (and release)
processing.
Currently, exception and error events are often not dealed with
or generated properly. Error events are not counted. Thus, this
implementation might fail if certain error conditions occur.
To do: Review and improve error handling
Currently the CI field of the result/reason parameter of received
T-response-pos/neg is not always checked for matching the corresponding
command CI.
To do: Check and implement appropriate exception actions if
mismatch is detected.
Currently the file header is neither analysed nor processed
(just stripped) when files are received.
To do: Analyse file headers and implement appropriate actions.
Currently, certain ETS 300 075 services (in particular T_Delete, T_Rename,
T_Read_Restart) are not supported. The supported
services don't support all (optional) parameters. Thus, the corresponding
Eurofile services are not supported, either (in particular no
deletion nor renaming of files).
To do:
Enhance protocol processing.
Not urgent at all, might take care of after the first stable release
if anybody is interested:
For future portability to non-posix system, consider implementing a
tdu_stream object which is based on standard C file handles
instead of unix file-descriptors. This might also improve performance
due to internal buffering.
The eftp client provided with eftp4linux is a rather primitive
front end (this is intentional) to the eft protocol library's
client code.
To Do: write more user friendly client front ends. Or even better,
add eurofile support to existing user tools (i.e. mozilla,
GUI file managers) or write an eft-http gateway by means
of the eftp4linux core library.
Support other authentication methods (PAM comes to mind)
And the "to do" list is incomplete as well.
Meta to do: Enhance "to do" list.
Supplement by ms@msdatec.de:
Until nobody complains, in short form and in German:
- über Konfiguration durch /etc/isdn/eftd.conf nachdenken
- einkommende Dateien schützen
- Log- von Debug-Infos trennen, Loginfos sollen statistikfähig sein
- how2 schreiben
- NEWS-File
- "install" in "Makefile" implementieren
- Versionsnummern von Protokollimplementation, eftd und eftp trennen.
- Sollte das pid-file nicht von eftd selbst gesetzt/geloescht werden?
Jump to Line
Something went wrong with that request. Please try again.